Secure Models

This section introduces secure topology models. The information in this book is not sufficient to learn all the nuances of internetwork security. To learn more about internetwork security, you might want to read the book Firewalls and Internet Security, by Bill Cheswick and Steve Bellovin, published by Addison Wesley. Also, by searching for the word "security" on Cisco's web site (www.cisco.com), you can keep up to date on security issues.

Secure topologies are often designed by using a firewall. A firewall protects one network from another untrusted network. This protection can be accomplished in many ways, but in principle, a firewall is a pair of mechanisms: One blocks traffic and the other permits traffic.

Some firewalls place a greater emphasis on blocking traffic, and others emphasize permitting traffic. Figure 4-9 shows a simple firewall topology using routers.

Figure 4-9 A Simple Firewall Network, Using Routers

Figure 4-9 A Simple Firewall Network, Using Routers

You can design a firewall system using packet-filtering routers and bastion hosts. A bastion host is a secure host that supports a limited number of applications for use by outsiders. It holds data that outsiders access (for example, web pages) but is strongly protected from outsiders using it for anything other than its limited purposes.

0 0

Post a comment